In the Claims: 

This listing of the claims will replace all previous versions, and listings, of 
the claims in this application. 

Claims 1-48 were previously pending. 
Claims 20, 22, 29-31 and 37 are amended. 
Claims 1-48 are pending. 

Listing of Claims: 

1. (Original) A system comprising: 
a set of filters; 

a mapping of virtual addresses to network addresses; and 

a controller, coupled to the set of filters and the mapping, to, 

access, upon receipt of a data packet requested to be sent from a computing
device to a target device via a network, the set of filters and determine whether the
data packet can be sent to the target device based on whether the computing device
is allowed to communicate with the target device,

replace, based on the mapping, the target address in the data packet with a
corresponding target network address; and

forward the data packet to the target device at the target network address if
it is determined the data packet can be sent to the target device.

2. (Original) A system as recited in claim 1, wherein the controller is 
further to prevent the computing device from modifying any of the filters in the set
of filters.

3. (Original) A system as recited in claim 1, wherein the computing device
includes the system. 

4. (Original) A system as recited in claim 1, wherein the controller is to 
make the computing device aware of the virtual addresses in the mapping but to 
hide the network addresses in the mapping from the computing device. 

5. (Original) A system as recited in claim 1, wherein the controller is 
further to allow the set of filters to be modified by a plurality of remote devices 
operating at a plurality of different managerial levels. 

6. (Original) A system as recited in 5, further comprising allowing the set 
of filters to be modified by a lower managerial level remote device only if the 
modifications are not less restrictive than modifications imposed by a higher 
managerial level remote device. 

7. (Original) A method comprising: 

maintaining, at a computing device, a set of filters that restrict the ability of 
the computing device to communicate with other computing devices; 

allowing the set of filters to be modified from a remote device; and 
preventing the computing device from modifying the set of filters. 

Application No. 09/695,821

8. (Original) A method as recited in claim 7, wherein restriction of the
ability of the computing device to communicate with other computing devices
comprises restricting the computing device from transmitting data packets to one
or more other computing devices.

9. (Original) A method as recited in claim 7, wherein modification of the 
set of filters includes one or more of: adding a new filter to the set of filters, 
deleting a filter from the set of filters, and changing one or more parameters of a 
filter in the set of filters. 

10. (Original) A method as recited in claim 7, wherein one or more filters 
in the set of filters restrict one or more of the transmission of data packets of a 
particular type from the computing device and reception of data packets of a 
particular type at the computing device. 

11. (Original) A method as recited in claim 7, wherein one or more filters
in the set of filters restrict one or more of the transmission of Internet Protocol (IP) 
data packets from the computing device and reception of IP data packets at the 
computing device based on one or more of: a source address, a destination IP 
address, a source port, a destination port, and a protocol. 

12. (Original) A method as recited in claim 7, wherein one or more filters 
in the set of filters identifies that a data packet targeting a particular address can be 
transmitted from the computing device to the addressed device, and further 
identifies a new address that the particular address from the data packet is to be 
changed to prior to being communicated to the addressed device.

13. (Original) A method as recited in claim 7, wherein one of the filters in
the set of filters is a permissive filter that indicates a data packet can be passed to 
its targeted destination device if the data packet parameters match corresponding 
parameters of the filter. 

14. (Original) A method as recited in claim 7, wherein one of the filters in 
the set of filters is an exclusionary filter that indicates a data packet cannot be 
passed to its targeted destination device if the data packet parameters match 
corresponding parameters of the filter. 

15. (Original) A method as recited in claim 7, wherein the allowing 
comprises allowing the set of filters to be modified by a plurality of remote 
devices operating at a plurality of different managerial levels. 

16. (Original) A method as recited in 15, further comprising allowing the 
set of filters to be modified by a lower managerial level remote device only if the 
modifications are not less restrictive than modifications imposed by a higher 
managerial level remote device. 

17. (Original) A method as recited in claim 7, wherein each filter includes 
a plurality of filter parameters, and wherein each of the plurality of filter 
parameters can include wildcard values.

18. (Original) A method as recited in claim 1, wherein the set of filters
restrict the ability of the computing device to communicate with other computing 
devices on a per-data packet basis, wherein each filter includes a plurality of filter 
parameters, and wherein each filter parameter includes a filter value and a mask 
value indicating which portions of the filter value must match a corresponding 
parameter in a data packet for the data packet to satisfy the filter. 

19. (Original) One or more computer-readable memories containing a 
computer program that is executable by a processor to perform the method recited 
in claim 7. 

20. (Currently amended) A network mediator comprising: 
a set of filters; and 

a controller, coupled to the set of filters, to, 

access, upon receipt of a data packet requested to be sent from a computing 
device to a target device via a network, the set of filters and determine whether the 
data packet can be sent to the target device based on whether the computing device 
is allowed to communicate with the target device, and 

[[preventing]] prevent the computing device from modifying any of the filters
in the set of filters. 

21. (Original) A network mediator as recited in claim 20, wherein the 
controller is further to access, upon receipt of another data packet from another 
target device via the network, the set of filters and determine whether the data 
packet can be received at the computing device based on whether the computing
device is allowed to receive communications from the other target device. 

22. (Currently amended) A network mediator as recited in claim 20, 
further comprising a capability for modifying the filters responsive to one or more 
commands from any of plurality of remote devices operating at a plurality of 
different managerial levels, wherein the modifying of a filter includes one or more
of: adding a new filter to the set of filters, deleting a filter from the set of filters,
and changing one or more parameters of a filter in the set of filters.

23. (Original) A network mediator as recited in claim 20, wherein the 
network mediator is coupled to the computing device. 

24. (Original) A network mediator as recited in claim 20, wherein the 
computing device includes the network mediator. 

25. (Original) A network mediator as recited in claim 20, wherein each 
filter in the set of filters includes a plurality of filter parameters, and wherein each 
filter parameter includes a filter value and a mask value indicating which portions 
of the filter value must match a corresponding parameter in the data packet for the 
data packet to satisfy the filter.

26. (Original) A network mediator as recited in claim 25, wherein the
controller is to allow the data packet to be forwarded to the target device if the 
data packet satisfies the filter. 

27. (Original) A network mediator as recited in claim 25, wherein the 
controller is to prevent the data packet from being forwarded to the target device if 
the data packet satisfies the filter. 

28. (Original) A method comprising: 

maintaining a set of filters that restrict the ability of a computing device to 
communicate with other computing devices; 

allowing multiple remote computing devices, each corresponding to a 
different managerial level, to modify the set of filters; and 

preventing a lower managerial level device from modifying the set of filters 
in a manner that would result in a violation of a filter added by a higher 
managerial level device. 

29. (Currently amended) A method as recited in claim 28, wherein the 
preventing comprises: 

receiving a request from the lower managerial level device to modify the 
set of filters; 

determining whether the [[requested]] modification request to modify would
result in a violation of a filter previously added to the set of filters by the higher 
managerial device; and

performing the [[requested]] modification request to modify when if the
[[requested]] modification request to modify would not result in a violation, and
otherwise not performing the [[requested]] modification request to modify.

30. (Currently amended) A method as recited in 29, wherein the [[requested]]
modification request to modify comprises one or more of: adding a filter to the set
of filters, modifying a filter in the set of filters, and deleting a filter from the set of 
filters. 

31. (Currently amended) A method as recited in claim 28, wherein the 
violation occurs if when the [[requested]] modification request to modify would result
in a filter being less restrictive than the filter added by the higher managerial level
device. 

32. (Original) A method as recited in claim 28, further comprising 
preventing the computing device from modifying the set of filters.

33. (Original) A method as recited in claim 28, wherein the set of filters 
restrict the ability of the computing device to communicate with other computing 
devices on a per-data packet basis, wherein each filter includes a plurality of filter 
parameters, and wherein each filter parameter includes a filter value and a mask 
value indicating which portions of the filter value must match a corresponding 
parameter in a data packet for the data packet to satisfy the filter.

34. (Original) One or more computer-readable memories containing a
computer program that is executable by a processor to perform the method recited 
in claim 28. 

35. (Original) One or more computer-readable media having stored 
thereon a computer program to implement a multiple-level filter administration 
scheme and including a plurality of instructions that, when executed by one or 
more processors, causes the one or more processors to perform acts including: 

allowing a first computing device operating at a first of the multiple levels 
to modify a set of filters corresponding to a filtered device; and 

allowing a second computing device operating at a second of the multiple 
levels to modify the set of filters only if the modification is at least as restrictive as 
the filters imposed by the first computing device. 

36. (Original) One or more computer-readable media as recited in claim 
35, wherein the plurality of instructions further include instructions that, when 
executed by the one or more processors, causes the one or more processors to 
perform acts including allowing the first computing device to remove a filter from 
the set of filters imposed by the first computing device but not allowing the second 
computing device to remove the filter. 

37. (Currently amended) One or more computer-readable media as recited 
in claim 35, wherein modifying allowing the first or the second computing device 
to modify the set of filters comprises one or more of: adding a new filter to the set 
of filters, removing a filter from the set of filters, and changing parameters of a
filter in the set of filters. 

38. (Original) One or more computer-readable media as recited in claim 
35, wherein the plurality of instructions further include instructions that, when
executed by the one or more processors, causes the one or more processors to 
perform acts including preventing the filtered device from modifying the set of 
filters. 

39. (Original) A method comprising: 

maintaining an association of virtual addresses and corresponding network 
addresses; 

making a computing device aware of the virtual addresses; 

hiding the network addresses from the computing device; 

receiving, from the computing device, a data packet intended for a target 
computing device corresponding to a target virtual address; 

replacing, based on the target virtual address, the target virtual address with 
the corresponding target network address; and 

forwarding the data packet to the target computing device at the target 
network address. 

40. (Original) A method as recited in claim 39, wherein the replacing 
comprises performing the replacing transparent to the computing device.

41. (Original) A method as recited in claim 39, further comprising:

receiving, from a source device, another data packet that is intended for the
computing device, wherein the other data packet includes a network address of the
source device; and 

replacing, based on the network address of the source device, the network 
address of the source device with a corresponding virtual address. 

42. (Original) A method as recited in claim 39, further comprising:

maintaining, at the computing device, a set of filters that further restrict the
ability of the computing device to communicate with other computing devices;

allowing the set of filters to be modified from a remote device; and

preventing the computing device from modifying the set of filters.

43. (Original) A method as recited in claim 39, further comprising:

maintaining a set of filters that restrict the ability of the computing device
to communicate with other computing devices;

allowing multiple remote computing devices, each corresponding to a 
different managerial level, to modify the set of filters; and 

preventing a lower managerial level device from modifying the set of filters 
in a manner that would result in a violation of a filter added by a higher 
managerial level device.

44. (Original) One or more computer-readable memories containing a
computer program that is executable by a processor to perform the method recited 
in claim 39. 

45. (Original) A network mediator comprising: 

a mapping of virtual addresses to network addresses; and

a controller, coupled to the mapping, to,

make a corresponding computing device aware of the virtual addresses,

hide the network addresses from the computing device,

receive, from the computing device, a data packet intended for a target
computing device corresponding to a target virtual address,

replace, based on the target virtual address, the target virtual address with
the corresponding target network address, and

forward the data packet to the target computing device at the target network 
address. 

46. (Original) A network mediator as recited in claim 45, wherein the 
network mediator is communicatively coupled to the computing device. 

47. (Original) A network mediator as recited in claim 45, wherein the 
computing device includes the network mediator.

48. (Original) A network mediator as recited in claim 45, further
comprising:

a set of filters that further restrict the ability of the computing device to
communicate with other computing devices; and

wherein the controller is further to,

allow the set of filters to be modified from a remote device, and

prevent the computing device from modifying the set of filters.